We’ve written about internet hoaxes many times before on Naked Security.
Sometimes, hoaxes – made-up nonsense about software, bugs or hackers – get spread widely because they sound exciting and scary.
Even when a hoax sounds bizarre and unlikely, it may get picked up and repeated as an earnest truth by millions of people, all of whom really ought to know better.
A few years ago, for example, we had Talking Angela, where a rumour took off that an unexplained reflection depicted in an app’s image was actually a paedophile that could take pictures of your children via your phone’s camera.
More recently, we had the odious hoax known as the Momo Challenge, where parents around the world needlessly terrified their own children by warning them that the image of a chicken-headed woman was circulating online, and bad things would happen to them if they accidentally saw it.
Of course, all the endlessly repeated gossip and hearsay surrounding this Momo picture resulted in the image itself – which was scary but not actively dangerous in any cybersecurity sense – being widely circulated, so that every panicky parent would know what it looked like just in case…
…while every panicked child would probably see it too, causing an uncontrolled spiral of fear.
Not all hoaxes are fear-mongering ones, however.
There are also pranks, like the Rickroll, where you send someone a link that you say is one thing but when they click it, they see a video of Rick Astley singing Never Gonna Give You Up.
The rickroll has cult status, and it’s well-known enough that most people who get caught out don’t get offended, but take it as a bit of harmless fun.
Indeed, the rickroll, if not overused (warning: it gets old quickly), could even be said to help people learn the lesson of not blindly clicking through “just because”, all without actually putting them in harm’s way.
But some pranks are neither harmless nor really funny once you think them through.
The “Twitter 2007 multicolor” hoax
This week’s “Twitter 2007 multicolor” hoax is a small but useful example.
Tweets have been circulating saying that you can trigger a cool new Twitter feature – colored tweets in a sort-of rainbow theme – simply by changing your birthday to 2007:
change ur birthday on twitter to 2007 and ur twitter changes completely different colors, it’s crazy, @ me when u do it.
Apprently if you change your Birthday on Twitter to 2007, each tweet starts getting a different color wtf…
Many people routinely give fake birthdays to cloud services, of course, with good reason.
A lot of organisations continue to treat birthdays as some kind of touchstone for customer identification, on the dangerously mistaken assumption that your birthday is meant to be a secret and is therefore a reliable way to establish someone’s identity over the phone or the internet.
A birthday is a useful way of cross-checking someone’s identity. That’s why surgical hospitals ask your name and birthday and what you’re in for on the way to the operating theatre. It doesn’t prove your identity, but it’s not supposed to – it’s just a simple precaution that helps to spot cases of mistaken identity. The hospital isn’t trying to stop you pulling off a fraud and tricking your way into getting someone else’s operation. It’s trying to make sure it doesn’t make a dreadful blunder and send you in for the wrong procedure.
So it might seem harmless to fiddle with your birthday and see what happens.
After all, many apps and services have so-called easter eggs, hidden features that only pop up when some unusual user input or configuration setting is used.
Easter eggs have a bit of a cult following with programmers and technical users – Microsoft Excel famously included hidden games until the company’s Trustworthy Computing initiative rightfully banned the practice as being a likely source of risky bugs from improperly tested code.
In this case, the “Twitter 2007 multicolor” hoax is actually a cruel way to get you locked out of your Twitter account.
Anyone spreading the hoax either hasn’t thought it through before repeating it, or has thought it through and figures it would be funny to cause trouble for other people.
Think about it!
Think about it – anyone born in 2007 is currently at most 12 years old, and therefore couldn’t possibly be 13, which is Twitter’s minumum age.
As Twitter Support itself urges:
We’ve noticed a prank trying to get people to change their Twitter birthday in their profile to unlock new color sc… twitter.com/i/web/status/1…—
Twitter Support (@TwitterSupport) March 27, 2019
Age is a bit of a poisoned chalice for Twitter and other social networks: it’s easy to lie about your age, so the “are you 13” check is kind of useless, because no one under 13 is going to say so…
…but if someone does say they are under 13, the service operator isn’t allowed to assume they’re joking and ignore them.
What to do?
If you go out of your way to insist to Twitter that you are too young to use its service, don’t be surprised if you get locked out of your account.
So, here’s what to do:
- Don’t tell Twitter you’re 12 if you aren’t.
- Don’t tell anyone else to tell Twitter they’re 12 if they aren’t.